Password diversity
Pierre-Yves Chibon
pingou at pingoured.fr
Thu Dec 1 13:30:55 UTC 2011
On Wed, 2011-11-30 at 20:09 -0500, Adam M. Dutko wrote:
>
> The more characters the better, the more complex the better, and the
> less predictable the better.
Following this, then we should not enforce a minimum number of different
characters in the password, nor should we use a rainbow table to check
for existing/known passwords.
I guess it is all a matter of balancing pros and cons but I cannot make up my
mind on what is best ('aaaaaaaaaaaaaaaaaaaa' still seems to be a horrible
password to me).
I'll just keep the patch somewhere until we've decided if it is worth
applying or not.
Thanks,
Pierre